PT-2025-26179 · IBM · webMethods Integration Server

Filip Dragovic · Published 2025-06-18 · Updated 2025-08-13 · CVE-2025-36049

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

IBM webMethods Integration Server versions 10.5, 10.7, 10.11, and 10.15

Description

The product is vulnerable to XML external entity (XXE) injection when processing XML data. A remote authenticated attacker could exploit this to execute arbitrary commands.

Recommendations

For IBM webMethods Integration Server versions 10.5, 10.7, 10.11, and 10.15, consider disabling XML external entity processing until a patch is available. Restrict access to XML data processing modules to minimize the risk of exploitation. Avoid using vulnerable XML parsing functions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XXE

Weakness Enumeration

Related Identifiers

CVE-2025-36049

Affected Products

webMethods Integration Server